
Deploying Jenkins to AWS using cloudformation and secrets manager


Not sure why you want to do stuff in this way in general, but couldn't you just use the AWS CLI to get the secrets from Secrets Manager directly from your ELB instance?


Cloudformation templates can recover secrets from Secrets Manager. It is somewhat ugly, but works pretty well. In general, I use a security.yaml nested stack to generate secrets for me in SM, then recover them in other stacks.

I can't speak too much to EB, but if you are deploying that through CF, then this should help.

Generating a secret in SM (CF security.yaml):

    Parameters:
      DeploymentEnvironment:
        Type: String
        Description: Deployment environment, e.g. prod, stage, qa, dev, or userdev
        Default: "dev"
    ...
    Resources:
    ...
      RegistryDbAdminCreds:
        Type: 'AWS::SecretsManager::Secret'
        Properties:
          Name: !Sub "RegistryDbAdminCreds-${DeploymentEnvironment}"
          Description: "RDS master uid/password for artifact registry database."
          GenerateSecretString:
            SecretStringTemplate: '{"username": "artifactadmin"}'
            GenerateStringKey: "password"
            PasswordLength: 30
            ExcludeCharacters: '"@/\+//:*`"'
          Tags:
          -
            Key: AppName
            Value: RegistryDbAdminCreds

Using the secret in another yaml:

    Parameters:
      DeploymentEnvironment:
        Type: String
        Description: Deployment environment, e.g. prod, stage, qa, dev, or userdev
        Default: "dev"
    ...
    Resources:
      DB:
        Type: 'AWS::RDS::DBInstance'
        DependsOn: security
        Properties:
          Engine: postgres
          DBInstanceClass: db.t2.small
          DBName: quilt
          MasterUsername: !Sub '{{resolve:secretsmanager:RegistryDbAdminCreds-${DeploymentEnvironment}:SecretString:username}}'
          MasterUserPassword: !Sub '{{resolve:secretsmanager:RegistryDbAdminCreds-${DeploymentEnvironment}:SecretString:password}}'
          StorageType: gp2
          AllocatedStorage: "100"
          PubliclyAccessible: true
          DBSubnetGroupName: !Ref SubnetGroup
          MultiAZ: true
          VPCSecurityGroups:
          - !GetAtt "network.Outputs.VPCSecurityGroup"
          Tags:
          - Key: Name
            Value: !Join [ '-', [ !Ref StackName, "dbinstance", !Ref DeploymentEnvironment ] ]

The trick is in !Sub '{{resolve:secretsmanager:RegistryDbAdminCreds-${DeploymentEnvironment}:SecretString:username}}' and !Sub '{{resolve:secretsmanager:RegistryDbAdminCreds-${DeploymentEnvironment}:SecretString:password}}'
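As an added example (not code from anyone in this thread), a small Python check that splits the `{{resolve:secretsmanager:...}}` reference format used above into its fields (secret-id, which may be an ARN containing colons, then the optional json-key, version-stage and version-id) and scans a template for password-like properties whose value is a literal string instead of a dynamic reference. The sample template, the property-name suffixes it checks and the ARN/version values are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# {{resolve:secretsmanager:secret-id:SecretString:json-key:version-stage:version-id}}
# ssm / ssm-secure references share the outer shape with fewer fields.
DYNREF = re.compile(r"\{\{resolve:(secretsmanager|ssm-secure|ssm):(.*)\}\}")


@dataclass
class SecretRef:
    service: str
    secret_id: str
    json_key: Optional[str] = None
    version_stage: Optional[str] = None
    version_id: Optional[str] = None


def parse_dynamic_reference(value: str) -> Optional[SecretRef]:
    """Split a {{resolve:...}} reference into its fields; None if value is not one."""
    m = DYNREF.fullmatch(value.strip().strip("'\""))
    if not m:
        return None
    service, body = m.groups()
    parts = body.split(":")
    if service != "secretsmanager" or "SecretString" not in parts:
        return SecretRef(service, body)          # whole-secret or SSM reference
    idx = parts.index("SecretString")            # secret-id may be an ARN with colons
    tail = parts[idx + 1:] + [""] * 3            # pad the three optional fields
    opt = [t or None for t in tail[:3]]          # empty segment means "use default"
    return SecretRef(service, ":".join(parts[:idx]), *opt)


PROP = re.compile(r"^\s*(\w+):\s*(.+?)\s*(?:#.*)?$")
SENSITIVE = ("Password", "Secret", "Token")      # constructed list of key suffixes


def find_hardcoded_secrets(template: str) -> List[Tuple[int, str]]:
    """(line number, key) for sensitive-looking properties given as a literal string
    rather than a dynamic reference or another intrinsic such as !Ref / !GetAtt."""
    findings = []
    for lineno, line in enumerate(template.splitlines(), 1):
        m = PROP.match(line)
        if not m or not m.group(1).endswith(SENSITIVE):
            continue
        value = re.sub(r"^!Sub\s+", "", m.group(2))  # !Sub may wrap the reference
        if "{{resolve:" in value or value.startswith("!"):
            continue                             # dynamic reference or intrinsic
        findings.append((lineno, m.group(1)))
    return findings
```

Dynamic references are resolved by CloudFormation when the stack is created or updated, so a secret rotated afterwards in Secrets Manager is not picked up by the DB instance until the stack is updated again.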